Hash a password using bcrypt or Argon2, or verify that a plaintext password matches an existing hash.
This tool lets you generate a secure password hash using bcrypt, Argon2i, or Argon2id directly in your browser â no Python, PHP, or any other software required. It also supports a verify mode: enter a plaintext password and an existing hash to check whether they match.
Storing passwords in plaintext or as MD5/SHA-1 is extremely dangerous. If a database leaks, all passwords are immediately exposed. Modern algorithms â bcrypt and Argon2 â are deliberately slow: brute-forcing a billion candidates takes years even on a high-end GPU.
$2y$10$ and is 60 characters long.Winner of the Password Hashing Competition in 2015. Argon2id (recommended by OWASP and RFC 9106) combines resistance to both GPU attacks and side-channel attacks. It supports tunable memory cost, iteration count, and parallelism â making it future-proof against hardware advances.
bcrypt is a classic algorithm (1999) that is well-tested and universally supported, but it is capped at 72 bytes and does not use parallelism. Argon2id (2015) supports configurable memory and thread usage, making it significantly more resistant to GPU and ASIC attacks. Use Argon2id for new projects.
Hashing runs on the 101IP server. Do not enter passwords from live accounts. Use this tool for testing, learning about algorithms, or generating hashes during development. For production, always hash passwords on your own server.
bcrypt and Argon2 automatically generate a random salt on each call and embed it in the output hash. This is expected behaviour â when verifying, the algorithm extracts the salt from the stored hash and recomputes the result for comparison.